CVE-2023-42781

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/11/2023
Last modified:
20/11/2023

Description

Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.  This is a different issue than CVE-2023-42663 but leading to similar outcome.<br /> Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* 2.7.3 (excluding)